set bluetooth to disabled by default on debian 10

I'm not sure why Debian developers think it's good to enable bluetooth automatically on boot. I think this is a privacy issue and would prefer bluetooth to be "opt-in". So here's how to make sure bluetooth is turned off by default:

# install tool for disabling bluetooth
# it's a shame debian has no api for this!

sudo apt install rfkill

# setup systemd unit

cat << EOF | sudo bash -c 'cat > /etc/systemd/system/disable-bluetooth-on-startup.service'
Description=Make shure Bluetooth is disabled on system start.

ExecStart=rfkill block bluetooth


# enable systemd unit

sudo systemctl enable disable-bluetooth-on-startup

fix suspending ThinkPad S1 Yoga on Debian 10

On Debian 10 suspending ThinkPad S1 Yoga does not work for me. When I call systemctl suspend the device suspends and instantly wakes up again. I could fix it by flicking the XHC switch in /proc/acpi/wakeup. I used to use persist this in /etc/rc.local in the past. But it's not there anymore on Debian 10. So here's how I persisted this using a systemd unit:

cat << EOF | sudo bash -c 'cat > /etc/systemd/system/thinkpad-s1-suspend-fix.service'

ExecStart=bash -c 'grep 'XHC.*enabled' /proc/acpi/wakeup && echo XHC > /proc/acpi/wakeup'


Now lets tell systemd to apply this fix on boot and also apply it right now:

sudo systemctl enable thinkpad-s1-suspend-fix.service
sudo systemctl start thinkpad-s1-suspend-fix.service

os game clones index

Too bad most computer games are non-free. But there are suprisingly many libre games. They're not necessarily on par with their prorietary counterparts, but they're fun too. Here's a curated list of libre games: https://osgameclones.com

Mozilla TLS configuration generator

When you're new to web hosting, finding decent TLS settings is not trivial. Retrospectively a lot of time I've put into this feels wasted, because finding optimal TLS settings basically is a never ending scientific effort. IMHO web-servers should be pre-configured for getting you decent TLS scores, but they're not.

The next best thing to getting a sane default configuration is using a well-maintained configuration generator. Luckily Mozilla is publishing one:


It's a super useful tool, because crafting good TLS configurations requires a lot of expertise. While this saved me quite some time and headaches, it's probably still a good idea to test those generated TLS configs against SSL Test, Mozilla Observatory, etc. Double-checking is important when doing security relevant stuff.

carousels are annoying still

It feels to me, that carousels got out of fashion, or at least they rarely annoy me these days. Which is a good thing! Today thou I was confronted with a particularly annoying one. It's probably old news, but I occasionally still like to point people to:


I'm just glad my personal carousel cringe frequency went down over the last view years.

setup vim autocompletion (on debian 10)

I think youcomplteme is a great autocompletion addon for vim. It's simple but effecite. It's also packaged for debian.

sudo apt install vim-addon-manager vim-youcompleteme python3-future
vam install youcompleteme
echo 'let g:ycm_global_ycm_extra_conf = "/usr/lib/ycmd/ycm_extra_conf.py"' >> ~/.vimrc
echo 'filetype on' >> ~/.vimrc

That's it. I've been using this for years and I'm quite happy with it.

Note: python3-future is required as a workaround, because debian ships a old version of youcompleteme. When you're developing python and use virtual-env, this can hide the future module form you path. This then triggers the previously mentioned bug. vim will prompt YouCompleteMe unavailable: No module named 'future' on startup. An easy mitigation is to just install that moduel to your venvs too, eg. with: python3 -m pip install future.

Semantic versioning

I think it's funny how version numbering actually is a engineering technique for avoiding incompatibilities, but made it's way to popular culture. I guess it's hard to escape hearing about Web 2.0, Industry 4.0, or whatever. Thou isn't Web 2.0 already a thing of the past?

Anyway version numbering actually is an great engineering tool. Especially when done right. So here's how it's supposed to work:


I wonder why this never was topic at school/university for me.

Reproducible Builds Manifesto

I occasionally encounter people who never heard about reproducible builds before. Since this is a very important technique I thought I should share the link.


It's basically a technique for making sure software was not tampered with. Overall I think every piece of software should be built reproducibly, especially infrastructure like libraries, operating systems, app-stores etc...

Keep a Changelog dot com

Sometimes it's helpful reading through a changelog. Not may projects keep one. Often enough they're not well kept either. Today I stumbled upon a nice guide for structuring changelogs, I really hope this becomes an industry standard: